Rest easy, Starbucks iOS mobile payment users: Download the company’s new app and your password and confidential account information will be safe.
That assurance comes from Starbucks spokesperson Maggie Jantzen, who wrote in response to our earlier story about the security concerns raised about the app. Jantzen tells us the company fixed the app, which previously had stored user names, passwords, GPS locations and other confidential customer information in an insecure clear text format.
Customers are urged to download the updated app for what Jantzen says is an “extra layer of protection.”
In addition, Jantzen directed us to an official Starbucks statement by the company’s chief information officer, Curt Garner, which says, in part:
1. We have no indication that any customer has been impacted by this or that any information has been compromised.
2. Last week we added safeguards to protect against the theoretical vulnerabilities raised by [security researcher] Daniel Wood.
3. [We] released an update for the app that will add extra layers of protection, and are encouraging customers to download it as an additional safeguard.
The previous version of the app would allow anyone to plug the phone into a computer for just a few seconds and access sensitive information about the account holder and his or her location history, reports NBC News. The app would also have allowed unauthorized users to make purchases.
Wood, who originally uncovered the security misstep, tells Computerworld that the issues are resolved.
Computerworld also says:
It should be pointed out, though, that Wood is no longer the independent security researcher that he was two days ago, since Starbucks has now brought him on as a security consultant, along with the standard nondisclosure agreement. Wood said it is, at this time, an unpaid role.